March 29, 2025


Hello all,

This has been an interesting week, both for the variety of severe vulnerabilities reported and for the number and kinds of breached or compromised organizations, some of which are massive.

Headline NEWS:

  • Broadcom has released updates to VMware Tools for Windows to address an authentication bypass defect. Immediate updates are urged to plug this hole.
  • CrushFTP emailed all clients a week ago to update to their latest version to plug a hole that allows for unauthenticated access. It has not been reported as exploited in the wild yet, but now that it is being reported publicly, that’s only a matter of time.
  • Google released another update for a zero-day defect in their Chrome browser. Interestingly, this one was brought to them by a Russian researcher who wanted to stop attacks against Russia that were using the hole. Other Chromium-based browsers, such as Microsoft Edge, have been pushing updates for this defect too.
  • Mozilla Firefox developers examined the defect that Google patched and discovered that they were also vulnerable. As a result, apply the latest Firefox update to plug a critical sandbox escape defect as soon as possible.
  • HaveIBeenPwned is a website that houses a gargantuan database of email addresses that have been compromised. It is owned and maintained by Troy Hunt. He was just Pwned via a phishing email purporting to be his mailing list vendor, MailChimp. Troy’s blog about this event goes into excellent detail about how this happened and offers advice to others to avoid his error.
  • IngressNightmare is the moniker given to a series of vulnerabilities found in the “Ingress NGINX Controller” for Kubernetes. This one is critical as it allows for remote code execution without authentication. If you use this, patch immediately!
  • Next.js has a major hole that looks like it could be another Log4J or Log4Shell type of vulnerability. If you’ve used this in your programming or environment, update to the latest version to fix this. The rest of us need to watch for updates from our vendors to ensure that this is properly patched. We all know which of our software this is because they all have a Software Bill of Materials (SBOM) listing all dependencies contained therein, right?
  • Oracle has apparently experienced two separate breaches recently. The first involves a criminal dirtbag who goes by the moniker “rose87168” and claims to have exfiltrated 6 million records, impacting in excess of 140,000 tenants of Oracle’s Cloud service. For their part, Oracle is denying the report and claims there has been no breach, despite mounting evidence from various security researchers and confirmation from victim organizations that the leaked sample data is indeed genuine. The second breach, which Bloomberg reported is being investigated by the FBI and which Oracle is currently neither denying nor acknowledging, is in Oracle Health. This breach was apparently in older servers that had not yet been migrated to Oracle’s Cloud. There are reports of Oracle privately contacting impacted organizations and telling them that they’ll help identify impacted victims, but that it is up to the hospitals to determine whether they are subject to any HIPAA regulations. Obviously, both of these breaches will have far-reaching implications for impacted organizations and individuals.

In Ransomware, Malware, and Vulnerabilities News:

  • Walmart and WOW are both investigating claims by evil individuals that they’ve successfully attacked and exfiltrated troves of data from them. Walmart’s alleged breach is in Sam’s Club, with the group Cl0p claiming credit. As yet no evidence has been presented, nor is there confirmation from Walmart. Since Cl0p was heavily involved in the recent Cleo file transfer platform vulnerability and breach, it is highly possible that Cl0p is the source of this event. The WOW breach is claimed by a Russian-speaking group with the moniker Arkana. They assert that they have accessed over 400,000 client records and have control over WOW’s backend infrastructure. Their announcement contained an evilly creative music video showing off some of their claims, so this is likely going to get ugly fast.

In Other News Events of Note and Interest:

  • Anthropic scientists expose how AI actually ‘thinks’ is a fascinating dive into the “black box” of what happens between the moment an AI is given an input and the output it creates. How it does what it does is a question that is only partially understood, and in many cases the answer was not what the researchers expected.

Musings:

Those of us who have grown up with digital everything are part of what I suspect will be a “lost generation” a hundred years from now. We are memorializing our experiences in digital format. And while this is an excellent way to preserve them for future generations, it is not an ideal medium for presentation. We used to carefully curate selected photos to represent events or interests. Now we have massive, often random collections of digital images and communication. We used to keep shoe boxes or file folders of correspondence. We had flip-out albums full of photos and handwritten notes about vacations, weddings, birthdays and more. You could touch, feel, smell and interact with the printed page; cold electrons just don’t carry the same tactile fondness and feeling of sentiment. How do you press a flower or leaf into the pages of your iPad? Where do you store that lock of hair? Do you have photo albums you can pass on to future generations? How about hard copies of letters or notes that have been sent by or to you? Sure, if these exist in digital format, ensure that you hold onto copies of them. However, I encourage you to think about also preserving them in hard copy format. Future generations will thank you.

Visc. Jan Broucinek

Keep the shields up!

Viscount Jan Broucinek
Red Dot Security News
